Opened 13 years ago

Last modified 2 years ago

#6152 new defect

User can modify members for other modules

Reported by: axton.grams@… Owned by: Ryan J Ollos
Priority: highest Component: SvnAuthzAdminPlugin
Severity: critical Keywords:
Cc: Trac Release: 0.11

Description (last modified by Ryan J Ollos)


  1. User is authenticated against a project (projA)
  2. User has TRAC_ADMIN Access for projA
  3. User enters a path for another project with the following structure:
  4. User adds a path member to / -> axton

Then member axton will have access to module:path

Attachments (0)

Change History (7)

comment:1 Changed 13 years ago by Michael Renzmann

Description: modified (diff)

comment:2 Changed 12 years ago by Sergio Talens-Oliag

That is so because the user needs TRAC_ADMIN permission to use this module and that implies that he or she has VERSIONCONTROL_ADMIN permission.

To avoid this problem I've patched this module to allow it's use with the SVNAUTHZ_ADMIN permission, removing the need to have TRAC_ADMIN permission to be able to edit the file.

My patch is attached to the ticket #7493 (attachment:ticket:7493:svnauthadmin_permission.diff).

comment:3 Changed 12 years ago by Ryan J Ollos

Cc: Ryan J Ollos added; anonymous removed

comment:4 Changed 8 years ago by Ryan J Ollos

Owner: changed from Kis Gergely to Ryan J Ollos
Status: newassigned

comment:5 Changed 7 years ago by Ryan J Ollos

Description: modified (diff)

#11574 closed as a duplicate.

comment:6 Changed 2 years ago by Ryan J Ollos

Cc: Ryan J Ollos removed

comment:7 Changed 2 years ago by Ryan J Ollos

Status: assignednew

Modify Ticket

Change Properties
Set your email in Preferences
as new The owner will remain Ryan J Ollos.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.